Home Lab Series: Networking v3

I thought it was about time for an update on the status of my home lab, specifically my networking, including routing, firewalling and switching for both general traffic and storage traffic. My current networking rack has the following equipment in it:

24U – Cisco 1921 with an EHWIC-VA-DSL-A module, which is a Cisco Multimode VDSL2 and ADSL2/2+ High-Speed WAN Interface Card

23U – Cable Management

22U – Cisco ASA 5550

21U – Cable Management

20U & 19U – Cisco 2921 with a VIC2-4FXO module, which is a 2-port FXO voice/fax interface card. An FXO port is used to connect to a PBX system, or to provide off-premises connections to the PSTN. It supports battery reversal detection and caller ID. These Cisco VICs can be software-configured to work in all countries. The router also has a VIC3-4FXS/DID, which is a 4-port FXS/DID voice/fax interface card. FXS ports are used to connect directly to phones and fax machines. The card generates battery polarity reversal and caller ID. The DID port is used to provide an off-premises DID connection from the central office. It serves only incoming calls from the PSTN and does not support caller ID in DID mode.

18U – Cable Management

17U – Cisco MDS 9148, which is a multilayer fabric switch capable of 8Gb Fibre Channel

16U – Cable Management

15U – Cisco WLC 5508 which is a wireless LAN controller

14U – Blanking Plate – Reserved for Cable Management

13U – Blanking Plate – Reserved for Cisco Nexus 3064PQ-10GE

12U – Blanking Plate – Reserved for Cable Management

11U – Blanking Plate – Reserved for Cable Management

10U – Cisco WS-C3750E-48PD

9U – Cable Management

8U – Cisco WS-C3750E-48PD

7U – Cable Management

6U – Cisco WS-C3750E-48PD

5U – 24 Port Patch Panel

4U – 24 Port Patch Panel

3U – Cisco WS-C3750E-48PD

2U – 24 Port Patch Panel

1U – 24 Port Patch Panel

Since I am about to upgrade my home lab from multiple 1GbE links connected to the stack of Cisco WS-C3750E-48PD switches to a Cisco Nexus 3064PQ-10GE, I am going to need a faster Layer 3 device, which means upgrading or replacing the Cisco ASA 5550 firewall that currently serves all of my Layer 3 networking requirements.

I have opted to build my own firewall device, since 10GbE firewalls are still too expensive for my home lab. I spent £600 on the purchase of my Cisco ASA 5550 and they are still selling for that price on eBay, so my plan is to build a 1U rack mount server which is capable of firewalling / routing traffic faster than the Cisco ASA 5550 and hopefully as close to 10GbE as possible.

I started out looking at small off-the-shelf servers from DELL, since I am familiar with their kit and I already have a whole 24U of their servers and storage in my lab, so it made sense to stick with that. I chose a DELL PowerEdge R210 II server, which is capable of supporting an INTEL Xeon E3-1200 v2 CPU. I managed to find the highest specification CPU that the server would support on eBay for £200. I managed to pick up an INTEL X520-SR2 10GbE network card with 2 x SR SFP+ modules for £100 on eBay, and I found 4 x 8GB sticks of ECC Unbuffered 1600MHz DIMMs on eBay for £45 each. Those of you who are doing the maths will have realized that I have now spent £480, which left me with £220 for the server and a boot device. I managed to find a DELL PowerEdge R210 II with an older generation INTEL Xeon E3-1220 and 4GB of RAM on eBay for £67, and I managed to find the Bezel and the Rack Mount Rails for £45. This left me with £8, which was perfect for a pair of 4GB USB 2.0 Memory Sticks.

My hope is that the 32GB of 1600MHz memory combined with the 3.7GHz CPU will enable me to get pretty close to forwarding traffic at 10GbE. I decided to run pfSense on my home-built 10GbE firewall device. My intention is to LACP the 2 x 1GbE on-board ports for management traffic only, then LACP the 2 x 10GbE ports and create subinterfaces for each VLAN that I need to be able to access. I am sure you are now wondering why so much memory, given that pfSense can run in under 1GB of RAM. That is quite simple: I intend to run Squid and enable an in-memory cache. At some point I am also contemplating adding a mirrored pair of SSDs for Squid to use as a disk cache for larger files, e.g. Windows Updates.

Stay tuned, there are photos coming soon… and also some performance testing results.